{"id":15109710,"url":"https://github.com/daffainfo/allaboutbugbounty","last_synced_at":"2026-01-26T13:02:51.384Z","repository":{"id":37009928,"uuid":"292318639","full_name":"daffainfo/AllAboutBugBounty","owner":"daffainfo","description":"All about bug bounty (bypasses, payloads, and etc)","archived":false,"fork":false,"pushed_at":"2023-09-08T12:00:58.000Z","size":270,"stargazers_count":6078,"open_issues_count":2,"forks_count":1195,"subscribers_count":174,"default_branch":"master","last_synced_at":"2025-02-11T13:23:39.537Z","etag":null,"topics":["bug","bugbounty","bugbountytips","bypass","hacking","infosec","payload","payloads","penetration-testing","pentest","reconnaissance","security","vulnerability"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daffainfo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-09-02T15:15:54.000Z","updated_at":"2025-02-11T12:01:16.000Z","dependencies_parsed_at":"2024-01-14T06:04:17.129Z","dependency_job_id":"fe2dd170-e6c9-4e6c-b90f-893e1f4a5cbe","html_url":"https://github.com/daffainfo/AllAboutBugBounty","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daffainfo%2FAllAboutBugBounty","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daffainfo%2FAllAboutBugBounty/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daffainfo%2FAllAboutBugBounty/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposit
ories/daffainfo%2FAllAboutBugBounty/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daffainfo","download_url":"https://codeload.github.com/daffainfo/AllAboutBugBounty/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247364305,"owners_count":20927115,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug","bugbounty","bugbountytips","bypass","hacking","infosec","payload","payloads","penetration-testing","pentest","reconnaissance","security","vulnerability"],"created_at":"2024-09-25T23:22:21.162Z","updated_at":"2026-01-26T13:02:51.346Z","avatar_url":"https://github.com/daffainfo.png","language":null,"readme":"# All about bug bounty\nThese are my bug bounty notes that I have gathered from various sources, you can contribute to this repository too!\n\n![](https://img.shields.io/github/issues/daffainfo/AllAboutBugBounty)\n![](https://img.shields.io/github/forks/daffainfo/AllAboutBugBounty)\n![](https://img.shields.io/github/stars/daffainfo/AllAboutBugBounty)\n![](https://img.shields.io/github/last-commit/daffainfo/AllAboutBugBounty)\n\n## List Vulnerability\n- [Arbitrary File Upload](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Arbitrary%20File%20Upload.md)\n- [CRLF Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/CRLF%20Injection.md)\n- [Cross Site Request Forgery (CSRF)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Request%20Forgery.md)\n- [Cross Site Scripting 
(XSS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Cross%20Site%20Scripting.md)\n- [Denial of Service (DoS)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Denial%20Of%20Service.md)\n- [Exposed Source Code](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Exposed%20Source%20Code.md)\n- [Host Header Injection](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Host%20Header%20Injection.md)\n- [Insecure Direct Object References (IDOR)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Insecure%20Direct%20Object%20References.md)\n- [Local File Inclusion (LFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Local%20File%20Inclusion.md)\n- [Mass Assignment](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Mass%20Assignment.md)\n- [NoSQL Injection (NoSQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/NoSQL%20Injection.md)\n- [OAuth Misconfiguration](https://github.com/daffainfo/AllAboutBugBounty/blob/master/OAuth%20Misconfiguration.md)\n- [Open Redirect](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Open%20Redirect.md)\n- [Reflected File Download (RFD)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reflected%20File%20Download.md)\n- [Remote File Inclusion (RFI)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Remote%20File%20Inclusion.md)\n- [Server Side Include Injection (SSI Injection)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Include%20Injection.md)\n- [Server Side Request Forgery](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Server%20Side%20Request%20Forgery.md)\n- [SQL Injection (SQLi)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/SQL%20Injection.md)\n- [Web Cache Deception](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Deception.md)\n- [Web Cache Poisoning](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Web%20Cache%20Poisoning.md)\n\n## 
List Bypass\n- [Bypass 2FA](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%202FA.md)\n- [Bypass 403](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20403.md)\n- [Bypass 429](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20429.md)\n- [Bypass Captcha](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Bypass/Bypass%20Captcha.md)\n\n## Checklist\n- [Forgot Password Functionality](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Checklist/Forgot%20Password.md)\n- Register Functionality SOON!\n\n## CVEs\n- CVEs 2021 (https://github.com/daffainfo/AllAboutBugBounty/blob/master/CVEs/2021)\n- CVEs 2022 (SOON)\n- CVEs 2023 (SOON)\n\n## Miscellaneous\n- [Account Takeover](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Account%20Takeover.md)\n- [Broken Link Hijacking](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Broken%20Link%20Hijacking.md)\n- [Business Logic Errors](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Business%20Logic%20Errors.md)\n- [Default Credentials](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Default%20Credentials.md)\n- [Email Spoofing](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Email%20Spoofing.md)\n- [JWT Vulnerabilities](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/JWT%20Vulnerabilities.md)\n- [Tabnabbing](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Misc/Tabnabbing.md)\n\n## Technologies\n- [Apache (HTTP Server)](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Apache%20HTTP%20Server.md)\n- [Confluence](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Confluence.md)\n- [Grafana](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Grafana.md)\n- [HAProxy](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/HAProxy.md)\n- 
[Jenkins](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jenkins.md)\n- [Jira](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Jira.md)\n- [Joomla](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Joomla.md)\n- [Laravel](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Laravel.md)\n- [Moodle](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Moodle.md)\n- [Nginx](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Nginx.md)\n- [WordPress](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/WordPress.md)\n- [Zend](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Technologies/Zend.md)\n\n## Reconnaissance\n- [Scope Based Recon](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Scope.md)\n- [Github Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Github%20Dorks.md)\n- [Google Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Google%20Dorks.md)\n- [Shodan Dorks](https://github.com/daffainfo/AllAboutBugBounty/blob/master/Reconnaissance/Shodan%20Dorks.md)\n\n## To-Do-List\n- [ ] Tidy up the reconnaissance folder\n- [ ] Add more lesser-known web attacks\n- [x] Added CVEs folder\n- [ ] Write multiple payload bypasses for each vulnerability\n  - [x] Payload XSS for each WAF (Cloudflare, Cloudfront, AWS, etc)\n  - [ ] Payload SQL injection for each WAF (Cloudflare, Cloudfront)","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaffainfo%2Fallaboutbugbounty","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaffainfo%2Fallaboutbugbounty","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaffainfo%2Fallaboutbugbounty/lists"}